1 /* $OpenBSD: cipher-ctr.c,v 1.11 2010/10/01 23:05:32 djm Exp $ */
2 /*
3 * Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17 #include "includes.h"
18
19 #include "openssl-compat.h"
20
21 #if defined(WITH_OPENSSL) && !defined(OPENSSL_HAVE_EVPCTR)
22 #include <sys/types.h>
23
24 #include <stdarg.h>
25 #include <string.h>
26
27 #include <openssl/evp.h>
28
29 #include "xmalloc.h"
30 #include "log.h"
31
32 /* compatibility with old or broken OpenSSL versions */
33 #ifndef WIN32
34 #include "openbsd-compat.h"
35 #endif
36
37 #ifndef USE_BUILTIN_RIJNDAEL
38 #include <openssl/aes.h>
39 #endif
40
41 struct ssh_aes_ctr_ctx
42 {
43 AES_KEY aes_ctx;
44 u_char aes_counter[AES_BLOCK_SIZE];
45 };
46
47 /*
48 * increment counter 'ctr',
49 * the counter is of size 'len' bytes and stored in network-byte-order.
50 * (LSB at ctr[len-1], MSB at ctr[0])
51 */
52 static void
ssh_ctr_inc(u_char * ctr,size_t len)53 ssh_ctr_inc(u_char *ctr, size_t len)
54 {
55 int i;
56
57 for (i = len - 1; i >= 0; i--)
58 if (++ctr[i]) /* continue on overflow */
59 return;
60 }
61
62 static int
ssh_aes_ctr(EVP_CIPHER_CTX * ctx,u_char * dest,const u_char * src,LIBCRYPTO_EVP_INL_TYPE len)63 ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
64 LIBCRYPTO_EVP_INL_TYPE len)
65 {
66 struct ssh_aes_ctr_ctx *c;
67 size_t n = 0;
68 u_char buf[AES_BLOCK_SIZE];
69
70 if (len == 0)
71 return (1);
72 if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
73 return (0);
74
75 while ((len--) > 0) {
76 if (n == 0) {
77 AES_encrypt(c->aes_counter, buf, &c->aes_ctx);
78 ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
79 }
80 *(dest++) = *(src++) ^ buf[n];
81 n = (n + 1) % AES_BLOCK_SIZE;
82 }
83 return (1);
84 }
85
86 static int
ssh_aes_ctr_init(EVP_CIPHER_CTX * ctx,const u_char * key,const u_char * iv,int enc)87 ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
88 int enc)
89 {
90 struct ssh_aes_ctr_ctx *c;
91
92 if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
93 c = xmalloc(sizeof(*c));
94 EVP_CIPHER_CTX_set_app_data(ctx, c);
95 }
96 if (key != NULL)
97 AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
98 &c->aes_ctx);
99 if (iv != NULL)
100 memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
101 return (1);
102 }
103
104 static int
ssh_aes_ctr_cleanup(EVP_CIPHER_CTX * ctx)105 ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
106 {
107 struct ssh_aes_ctr_ctx *c;
108
109 if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
110 memset(c, 0, sizeof(*c));
111 free(c);
112 EVP_CIPHER_CTX_set_app_data(ctx, NULL);
113 }
114 return (1);
115 }
116
117 void
ssh_aes_ctr_iv(EVP_CIPHER_CTX * evp,int doset,u_char * iv,size_t len)118 ssh_aes_ctr_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, size_t len)
119 {
120 struct ssh_aes_ctr_ctx *c;
121
122 if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
123 fatal("ssh_aes_ctr_iv: no context");
124 if (doset)
125 memcpy(c->aes_counter, iv, len);
126 else
127 memcpy(iv, c->aes_counter, len);
128 }
129
130 const EVP_CIPHER *
evp_aes_128_ctr(void)131 evp_aes_128_ctr(void)
132 {
133 static EVP_CIPHER aes_ctr;
134
135 memset(&aes_ctr, 0, sizeof(EVP_CIPHER));
136 aes_ctr.nid = NID_undef;
137 aes_ctr.block_size = AES_BLOCK_SIZE;
138 aes_ctr.iv_len = AES_BLOCK_SIZE;
139 aes_ctr.key_len = 16;
140 aes_ctr.init = ssh_aes_ctr_init;
141 aes_ctr.cleanup = ssh_aes_ctr_cleanup;
142 aes_ctr.do_cipher = ssh_aes_ctr;
143 #ifndef SSH_OLD_EVP
144 aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
145 EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
146 #endif
147 return (&aes_ctr);
148 }
149
150 #endif /* defined(WITH_OPENSSL) && !defined(OPENSSL_HAVE_EVPCTR) */
151